lists.checkmk.com
Sign In
Sign Up
Sign In
Sign Up
Manage this list
×
Keyboard Shortcuts
Thread View
j
: Next unread message
k
: Previous unread message
j a
: Jump to all threads
j l
: Jump to MailingList overview
2024
September
August
July
June
May
April
March
February
January
2023
December
November
October
September
August
July
June
May
April
March
February
January
2022
December
November
October
September
August
July
June
May
April
March
February
January
2021
December
November
October
September
August
July
June
May
April
March
February
January
2020
December
November
October
September
August
July
June
May
April
March
February
January
2019
December
November
October
September
August
July
June
May
April
March
February
January
2018
December
November
October
September
August
July
June
May
April
March
February
January
2017
December
November
October
September
August
July
June
May
April
March
February
January
2016
December
November
October
September
August
July
June
May
April
March
February
January
2015
December
November
October
September
August
July
June
May
April
March
February
January
2014
December
November
October
September
August
July
June
May
April
March
February
January
2013
December
November
October
September
August
July
June
May
April
March
February
January
2012
December
November
October
September
August
July
June
May
April
March
February
January
2011
December
November
October
September
August
July
June
May
April
March
February
January
2010
December
November
October
List overview
Download
Checkmk git commits
November 2016
----- 2024 -----
September 2024
August 2024
July 2024
June 2024
May 2024
April 2024
March 2024
February 2024
January 2024
----- 2023 -----
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
----- 2022 -----
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
----- 2021 -----
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
----- 2020 -----
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
----- 2019 -----
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
----- 2018 -----
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
----- 2017 -----
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
----- 2016 -----
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
----- 2015 -----
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
----- 2014 -----
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
----- 2013 -----
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
----- 2012 -----
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
----- 2011 -----
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
----- 2010 -----
December 2010
November 2010
October 2010
checkmk-commits@lists.checkmk.com
9 participants
299 discussions
Start a n
N
ew thread
Make IWYU happy again
by Sven Panne
Module: check_mk Branch: master Commit: f83f9a277c4b9399f2da307e036dc2ab518141f6 URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f83f9a277c4b93…
Author: Sven Panne <sp(a)mathias-kettner.de> Date: Tue Nov 8 11:24:42 2016 +0100 Make IWYU happy again --- livestatus/src/Store.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/livestatus/src/Store.cc b/livestatus/src/Store.cc index 8890e2c..24d4380 100644 --- a/livestatus/src/Store.cc +++ b/livestatus/src/Store.cc @@ -27,6 +27,7 @@ #include <cstring> #include <ctime> #include <ostream> +#include <memory> #include <utility> #include <vector> #include "EventConsoleConnection.h"
7 years, 10 months
1
0
0
0
Revert "Test commit for IWYU on Jenkins"
by Sven Panne
Module: check_mk Branch: master Commit: 6ccbcbd91ead66ba1aefe915a1ae70013c01accf URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=6ccbcbd91ead66…
Author: Sven Panne <sp(a)mathias-kettner.de> Date: Tue Nov 8 11:23:10 2016 +0100 Revert "Test commit for IWYU on Jenkins" This reverts commit 3075e068d513b7da33296fb149140bb49541219b. --- livestatus/src/AndingFilter.cc | 1 - livestatus/src/ColumnsColumn.h | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/livestatus/src/AndingFilter.cc b/livestatus/src/AndingFilter.cc index f22ea9a..290ad43 100644 --- a/livestatus/src/AndingFilter.cc +++ b/livestatus/src/AndingFilter.cc @@ -23,7 +23,6 @@ // Boston, MA 02110-1301 USA. #include "AndingFilter.h" -#include <set> #include "Filter.h" using std::string; diff --git a/livestatus/src/ColumnsColumn.h b/livestatus/src/ColumnsColumn.h index d7e0c1c..3ce9215 100644 --- a/livestatus/src/ColumnsColumn.h +++ b/livestatus/src/ColumnsColumn.h @@ -28,7 +28,7 @@ #include "config.h" // IWYU pragma: keep #include <string> #include "StringColumn.h" -#include "TableColumns.h" +class TableColumns; #define COLCOL_TABLE 1 #define COLCOL_NAME 2
7 years, 10 months
1
0
0
0
Test commit for IWYU on Jenkins
by Sven Panne
Module: check_mk Branch: master Commit: 3075e068d513b7da33296fb149140bb49541219b URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3075e068d513b7…
Author: Sven Panne <sp(a)mathias-kettner.de> Date: Tue Nov 8 11:09:13 2016 +0100 Test commit for IWYU on Jenkins --- livestatus/src/AndingFilter.cc | 1 + livestatus/src/ColumnsColumn.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/livestatus/src/AndingFilter.cc b/livestatus/src/AndingFilter.cc index 290ad43..f22ea9a 100644 --- a/livestatus/src/AndingFilter.cc +++ b/livestatus/src/AndingFilter.cc @@ -23,6 +23,7 @@ // Boston, MA 02110-1301 USA. #include "AndingFilter.h" +#include <set> #include "Filter.h" using std::string; diff --git a/livestatus/src/ColumnsColumn.h b/livestatus/src/ColumnsColumn.h index 3ce9215..d7e0c1c 100644 --- a/livestatus/src/ColumnsColumn.h +++ b/livestatus/src/ColumnsColumn.h @@ -28,7 +28,7 @@ #include "config.h" // IWYU pragma: keep #include <string> #include "StringColumn.h" -class TableColumns; +#include "TableColumns.h" #define COLCOL_TABLE 1 #define COLCOL_NAME 2
7 years, 10 months
1
0
0
0
Use our own iwyu_tool variant.
by Sven Panne
Module: check_mk Branch: master Commit: 02cd19fb4408d183abdd7ce61f7448c436ea9347 URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=02cd19fb4408d1…
Author: Sven Panne <sp(a)mathias-kettner.de> Date: Tue Nov 8 11:00:50 2016 +0100 Use our own iwyu_tool variant. --- Makefile | 4 +- tests/iwyu_tool_jenkins.py | 214 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 216 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 2ad28da..30f250f 100644 --- a/Makefile +++ b/Makefile @@ -40,7 +40,7 @@ CLANG_TIDY := clang-tidy-$(CLANG_VERSION) SCAN_BUILD := scan-build-$(CLANG_VERSION) CPPCHECK := cppcheck DOXYGEN := doxygen -IWYU_TOOL := iwyu_tool.py +IWYU_TOOL := tests/iwyu_tool_jenkins.py BEAR := bear # File to pack into livestatus-$(VERSION).tar.gz @@ -297,7 +297,7 @@ tidy: compile_commands.json # Not really perfect rules, but better than nothing iwyu: compile_commands.json - @$(IWYU_TOOL) -p . + @$(IWYU_TOOL) --clang-style -p . # Not really perfect rules, but better than nothing analyze: livestatus/config.h diff --git a/tests/iwyu_tool_jenkins.py b/tests/iwyu_tool_jenkins.py new file mode 100755 index 0000000..ef42b65 --- /dev/null +++ b/tests/iwyu_tool_jenkins.py @@ -0,0 +1,214 @@ +#!/usr/bin/env python + +""" Driver to consume a Clang compilation database and invoke IWYU. + +Example usage with CMake: + + # Unix systems + $ mkdir build && cd build + $ CC="clang" CXX="clang++" cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON ... + $ iwyu_tool.py -p . + + # Windows systems + $ mkdir build && cd build + $ cmake -DCMAKE_CXX_COMPILER="%VCINSTALLDIR%/bin/cl.exe" \ + -DCMAKE_C_COMPILER="%VCINSTALLDIR%/VC/bin/cl.exe" \ + -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \ + -G Ninja ... + $ python iwyu_tool.py -p . + +See iwyu_tool.py -h for more details on command-line arguments. +""" + +import os +import sys +import json +import argparse +import subprocess +import re + + +CORRECT_RE = re.compile(r'^\((.*?) has correct #includes/fwd-decls\)$') +SHOULD_ADD_RE = re.compile(r'^(.*?) should add these lines:$') +SHOULD_REMOVE_RE = re.compile(r'^(.*?) should remove these lines:$') +FULL_LIST_RE = re.compile(r'The full include-list for (.*?):$') +END_RE = re.compile(r'^---$') +LINES_RE = re.compile(r'.*// lines ([0-9]+)-[0-9]+$') + + +GENERAL, ADD, REMOVE, LIST = range(4) + + +def process_output(output): + """ Process iwyu's output into something clang-like. """ + state = (GENERAL, None) + for line in output: + match = CORRECT_RE.match(line) + if match: + print('%s has correct #includes/fwd-decls' % match.groups(1)) + continue + match = SHOULD_ADD_RE.match(line) + if match: + state = (ADD, match.group(1)) + continue + match = SHOULD_REMOVE_RE.match(line) + if match: + state = (REMOVE, match.group(1)) + continue + match = FULL_LIST_RE.match(line) + if match: + state = (LIST, match.group(1)) + print('%s:1:1: error: full include list follows' % state[1]) + elif END_RE.match(line): + state = (GENERAL, None) + elif state[0] != GENERAL and not line.strip(): + continue + elif state[0] == ADD: + print('%s:1:1: error: add the following line' % state[1]) + print(line) + elif state[0] == REMOVE: + match = LINES_RE.match(line) + line_no = match.group(1) if match else '1' + print('%s:%s:1: error: remove the following line' % (state[1], line_no)) + print(line[2:]) + else: + print(line) + + +def get_output(cwd, command): + """ Run the given command and return its output as a string. """ + process = subprocess.Popen(command, + cwd=cwd, + shell=True, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + return process.communicate()[0].decode("utf-8").splitlines() + + +def run_iwyu(cwd, compile_command, iwyu_args, verbose, clang_style): + """ Rewrite compile_command to an IWYU command, and run it. """ + compiler, _, args = compile_command.partition(' ') + if compiler.endswith('cl.exe'): + # If the compiler name is cl.exe, let IWYU be cl-compatible + clang_args = ['--driver-mode=cl'] + else: + clang_args = [] + + iwyu_args = ['-Xiwyu ' + a for a in iwyu_args] + command = ['include-what-you-use'] + clang_args + iwyu_args + command = '%s %s' % (' '.join(command), args.strip()) + + if verbose: + print('%s:' % command) + + output = get_output(cwd, command) + if clang_style: + process_output(output) + else: + print('\n'.join(output)) + + +def main(compilation_db_path, source_files, verbose, clang_style, iwyu_args): + """ Entry point. """ + # Canonicalize compilation database path + if os.path.isdir(compilation_db_path): + compilation_db_path = os.path.join(compilation_db_path, + 'compile_commands.json') + + compilation_db_path = os.path.realpath(compilation_db_path) + if not os.path.isfile(compilation_db_path): + print('ERROR: No such file or directory: \'%s\'' % compilation_db_path) + return 1 + + # Read compilation db from disk + with open(compilation_db_path, 'r') as fileobj: + compilation_db = json.load(fileobj) + + # expand symlinks + for entry in compilation_db: + entry['file'] = os.path.realpath(entry['file']) + + # Cross-reference source files with compilation database + source_files = [os.path.realpath(s) for s in source_files] + if not source_files: + # No source files specified, analyze entire compilation database + entries = compilation_db + else: + # Source files specified, analyze the ones appearing in compilation db, + # warn for the rest. + entries = [] + for source in source_files: + matches = [e for e in compilation_db if e['file'] == source] + if matches: + entries.extend(matches) + else: + print('WARNING: \'%s\' not found in compilation database.' % + source) + + # Run analysis + try: + for entry in entries: + cwd, compile_command = entry['directory'], entry['command'] + run_iwyu(cwd, compile_command, iwyu_args, verbose, clang_style) + except OSError as why: + print('ERROR: Failed to launch include-what-you-use: %s' % why) + return 1 + + return 0 + + +def _bootstrap(): + """ Parse arguments and dispatch to main(). """ + # This hackery is necessary to add the forwarded IWYU args to the + # usage and help strings. + def customize_usage(parser): + """ Rewrite the parser's format_usage. """ + original_format_usage = parser.format_usage + parser.format_usage = lambda: original_format_usage().rstrip() + \ + ' -- [<IWYU args>]' + os.linesep + + def customize_help(parser): + """ Rewrite the parser's format_help. """ + original_format_help = parser.format_help + + def custom_help(): + """ Customized help string, calls the adjusted format_usage. """ + helpmsg = original_format_help() + helplines = helpmsg.splitlines() + helplines[0] = parser.format_usage().rstrip() + return os.linesep.join(helplines) + os.linesep + + parser.format_help = custom_help + + # Parse arguments + parser = argparse.ArgumentParser( + description='Include-what-you-use compilation database driver.', + epilog='Assumes include-what-you-use is available on the PATH.') + customize_usage(parser) + customize_help(parser) + + parser.add_argument('-v', '--verbose', action='store_true', + help='Print IWYU commands') + parser.add_argument('-c', '--clang-style', action='store_true', + help='Use clang-style output format') + parser.add_argument('-p', metavar='<build-path>', required=True, + help='Compilation database path', dest='dbpath') + parser.add_argument('source', nargs='*', + help='Zero or more source files to run IWYU on. ' + 'Defaults to all in compilation database.') + + def partition_args(argv): + """ Split around '--' into driver args and IWYU args. """ + try: + double_dash = argv.index('--') + return argv[:double_dash], argv[double_dash+1:] + except ValueError: + return argv, [] + + argv, iwyu_args = partition_args(sys.argv[1:]) + args = parser.parse_args(argv) + sys.exit(main(args.dbpath, args.source, args.verbose, args.clang_style, iwyu_args)) + + +if __name__ == '__main__': + _bootstrap()
7 years, 10 months
1
0
0
0
Fixed bandit test paths
by Lars Michelsen
Module: check_mk Branch: master Commit: 13452adba48247488122da3d89fc83e08cab51b3 URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=13452adba48247…
Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Nov 8 09:56:59 2016 +0100 Fixed bandit test paths --- tests/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 0baa9ae..b66c5bf 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -17,16 +17,16 @@ test-bandit-ci: # Currently only care about high severity reported issues. Once this is # reached, go and enable the medium/low checks. CMK_DIR="$(realpath ..)" ; \ - CMC_DIR="$(realpath ..)" ; \ + CMC_DIR="$(realpath ../../cmc/)" ; \ bandit \ -c "$$CMK_DIR/bandit.yaml" \ -r \ - -f xml -o "$$WORKDIR/bandit_results.xml" \ -lll \ + -f xml -o "$$WORKDIR/bandit_results.xml" \ "$$CMK_DIR" \ - "$$CMK_DIR/checks/*" \ - "$$CMK_DIR/inventory/*" \ - "$$CMC_DIR" + "$$CMK_DIR"/{checks,inventory}/* \ + "$$CMC_DIR" \ + "$$CMC_DIR"/agents/{plugins,bakery}/* test-pylint-ci:
7 years, 10 months
1
0
0
0
Fixed path issues in test-bandit-ci target
by Lars Michelsen
Module: check_mk Branch: master Commit: 7bf62ec21d29363fe01ae943e01a73b19f240e0f URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7bf62ec21d2936…
Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 7 22:00:22 2016 +0100 Fixed path issues in test-bandit-ci target --- tests/Makefile | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index b6cbcc9..0baa9ae 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,10 +1,11 @@ SHELL=/bin/bash help: - @echo "test - Run all tests" - @echo "test-pylint - Run pylint based tests" - @echo "test-bandit - Run bandit (security) tests" - @echo "setup - Install dependencies" + @echo "test - Run all tests" + @echo "test-pylint - Run pylint based tests" + @echo "test-pylint-ci - Run pylint based tests within Jenkins" + @echo "test-bandit-ci - Run bandit (security) tests within Jenkins" + @echo "setup - Install dependencies" test: py.test @@ -12,17 +13,20 @@ test: test-pylint: py.test -k pylint -test-bandit: +test-bandit-ci: # Currently only care about high severity reported issues. Once this is # reached, go and enable the medium/low checks. + CMK_DIR="$(realpath ..)" ; \ + CMC_DIR="$(realpath ..)" ; \ bandit \ - -c ../bandit.yaml \ + -c "$$CMK_DIR/bandit.yaml" \ -r \ - -f xml -o $$WORKDIR/bandit_results.xml \ + -f xml -o "$$WORKDIR/bandit_results.xml" \ -lll \ - $(realpath ..) \ - $(realpath ..)/{checks,inventory}/* \ - $(realpath ../cmc/) + "$$CMK_DIR" \ + "$$CMK_DIR/checks/*" \ + "$$CMK_DIR/inventory/*" \ + "$$CMC_DIR" test-pylint-ci:
7 years, 10 months
1
0
0
0
crawl test: detect incomplete runs by comparing number of URLs with last run
by Lars Michelsen
Module: check_mk Branch: master Commit: e0dffc5089059b2cf13a4f66ff0f1af0328bc297 URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e0dffc5089059b…
Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 7 21:11:23 2016 +0100 crawl test: detect incomplete runs by comparing number of URLs with last run --- tests/web/test_crawl.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/web/test_crawl.py b/tests/web/test_crawl.py index 7d09f93..32a178f 100644 --- a/tests/web/test_crawl.py +++ b/tests/web/test_crawl.py @@ -313,12 +313,21 @@ class TestCrawler(object): def update_total_stats(self, finished): stats = self.stats.setdefault("_TOTAL_", {}) + stats["last_num_visited"] = len(self.visited) stats["last_duration"] = time.time() - self.started stats["last_errors"] = self.errors stats["last_finished"] = finished if finished: + if stats.get("last_finished_num_visited", 0) > 0: + perc = float(stats["last_num_visited"]) * 100 / stats["last_finished_num_visited"] + if perc < 80.0: + self.error("Finished and walked %d URLs, previous run walked %d URLs. That " + "is %0.2f %% of the previous run. Something seems to be wrong." + % (stats["last_num_visited"], stats["last_finished_num_visited"], + perc)) + stats["last_finished_num_visited"] = stats["last_num_visited"] stats["last_finished_duration"] = stats["last_duration"] stats["last_finished_errors"] = stats["last_errors"]
7 years, 10 months
1
0
0
0
First experiments with bandit security scanner
by Lars Michelsen
Module: check_mk Branch: master Commit: c3eba7ca835c3ec23c7ac5f314ffa5461c6dbf19 URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c3eba7ca835c3e…
Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 7 21:30:45 2016 +0100 First experiments with bandit security scanner --- bandit.yaml | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/Makefile | 18 ++++++- 2 files changed, 178 insertions(+), 1 deletion(-) diff --git a/bandit.yaml b/bandit.yaml new file mode 100644 index 0000000..5829195 --- /dev/null +++ b/bandit.yaml @@ -0,0 +1,161 @@ + +### Bandit config file generated from: +# '/usr/local/bin/bandit-config-generator -o ../bandit.yaml' + +### This config may optionally select a subset of tests to run or skip by +### filling out the 'tests' and 'skips' lists given below. If no tests are +### specified for inclusion then it is assumed all tests are desired. The skips +### set will remove specific tests from the include set. This can be controlled +### using the -t/-s CLI options. Note that the same test ID should not appear +### in both 'tests' and 'skips', this would be nonsensical and is detected by +### Bandit at runtime. + +# Available tests: +# B101 : assert_used +# B102 : exec_used +# B103 : set_bad_file_permissions +# B104 : hardcoded_bind_all_interfaces +# B105 : hardcoded_password_string +# B106 : hardcoded_password_funcarg +# B107 : hardcoded_password_default +# B108 : hardcoded_tmp_directory +# B109 : password_config_option_not_marked_secret +# B110 : try_except_pass +# B111 : execute_with_run_as_root_equals_true +# B112 : try_except_continue +# B201 : flask_debug_true +# B301 : pickle +# B302 : marshal +# B303 : md5 +# B304 : ciphers +# B305 : cipher_modes +# B306 : mktemp_q +# B307 : eval +# B308 : mark_safe +# B309 : httpsconnection +# B310 : urllib_urlopen +# B311 : random +# B312 : telnetlib +# B313 : xml_bad_cElementTree +# B314 : xml_bad_ElementTree +# B315 : xml_bad_expatreader +# B316 : xml_bad_expatbuilder +# B317 : xml_bad_sax +# B318 : xml_bad_minidom +# B319 : xml_bad_pulldom +# B320 : xml_bad_etree +# B321 : ftplib +# B401 : import_telnetlib +# B402 : import_ftplib +# B403 : import_pickle +# B404 : import_subprocess +# B405 : import_xml_etree +# B406 : import_xml_sax +# B407 : import_xml_expat +# B408 : import_xml_minidom +# B409 : import_xml_pulldom +# B410 : import_lxml +# B411 : import_xmlrpclib +# B412 : import_httpoxy +# B501 : request_with_no_cert_validation +# B502 : ssl_with_bad_version +# B503 : ssl_with_bad_defaults +# B504 : ssl_with_no_version +# B505 : weak_cryptographic_key +# B506 : yaml_load +# B601 : paramiko_calls +# B602 : subprocess_popen_with_shell_equals_true +# B603 : subprocess_without_shell_equals_true +# B604 : any_other_function_with_shell_equals_true +# B605 : start_process_with_a_shell +# B606 : start_process_with_no_shell +# B607 : start_process_with_partial_path +# B608 : hardcoded_sql_expressions +# B609 : linux_commands_wildcard_injection +# B701 : jinja2_autoescape_false +# B702 : use_of_mako_templates + +# (optional) list included test IDs here, eg '[B101, B406]': +tests: + +# (optional) list skipped test IDs here, eg '[B101, B406]': +skips: + +### (optional) plugin settings - some test plugins require configuration data +### that may be given here, per-plugin. All bandit test plugins have a built in +### set of sensible defaults and these will be used if no configuration is +### provided. It is not necessary to provide settings for every (or any) plugin +### if the defaults are acceptable. + +any_other_function_with_shell_equals_true: + no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, + os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve, + os.spawnvp, os.spawnvpe, os.startfile] + shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3, + popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput] + subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output, + utils.execute, utils.execute_with_timeout] +execute_with_run_as_root_equals_true: + function_names: [ceilometer.utils.execute, cinder.utils.execute, neutron.agent.linux.utils.execute, + nova.utils.execute, nova.utils.trycmd] +hardcoded_tmp_directory: + tmp_dirs: [/tmp, /var/tmp, /dev/shm] +linux_commands_wildcard_injection: + no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, + os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve, + os.spawnvp, os.spawnvpe, os.startfile] + shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3, + popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput] + subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output, + utils.execute, utils.execute_with_timeout] +password_config_option_not_marked_secret: + function_names: [oslo.config.cfg.StrOpt, oslo_config.cfg.StrOpt] +ssl_with_bad_defaults: + bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3, + PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD] +ssl_with_bad_version: + bad_protocol_versions: [PROTOCOL_SSLv2, SSLv2_METHOD, SSLv23_METHOD, PROTOCOL_SSLv3, + PROTOCOL_TLSv1, SSLv3_METHOD, TLSv1_METHOD] +start_process_with_a_shell: + no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, + os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve, + os.spawnvp, os.spawnvpe, os.startfile] + shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3, + popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput] + subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output, + utils.execute, utils.execute_with_timeout] +start_process_with_no_shell: + no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, + os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve, + os.spawnvp, os.spawnvpe, os.startfile] + shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3, + popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput] + subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output, + utils.execute, utils.execute_with_timeout] +start_process_with_partial_path: + no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, + os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve, + os.spawnvp, os.spawnvpe, os.startfile] + shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3, + popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput] + subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output, + utils.execute, utils.execute_with_timeout] +subprocess_popen_with_shell_equals_true: + no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, + os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve, + os.spawnvp, os.spawnvpe, os.startfile] + shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3, + popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput] + subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output, + utils.execute, utils.execute_with_timeout] +subprocess_without_shell_equals_true: + no_shell: [os.execl, os.execle, os.execlp, os.execlpe, os.execv, os.execve, os.execvp, + os.execvpe, os.spawnl, os.spawnle, os.spawnlp, os.spawnlpe, os.spawnv, os.spawnve, + os.spawnvp, os.spawnvpe, os.startfile] + shell: [os.system, os.popen, os.popen2, os.popen3, os.popen4, popen2.popen2, popen2.popen3, + popen2.popen4, popen2.Popen3, popen2.Popen4, commands.getoutput, commands.getstatusoutput] + subprocess: [subprocess.Popen, subprocess.call, subprocess.check_call, subprocess.check_output, + utils.execute, utils.execute_with_timeout] +try_except_continue: {check_typed_exception: false} +try_except_pass: {check_typed_exception: false} + diff --git a/tests/Makefile b/tests/Makefile index a3b6524..b6cbcc9 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,6 +1,9 @@ +SHELL=/bin/bash + help: @echo "test - Run all tests" @echo "test-pylint - Run pylint based tests" + @echo "test-bandit - Run bandit (security) tests" @echo "setup - Install dependencies" test: @@ -9,6 +12,18 @@ test: test-pylint: py.test -k pylint +test-bandit: + # Currently only care about high severity reported issues. Once this is + # reached, go and enable the medium/low checks. + bandit \ + -c ../bandit.yaml \ + -r \ + -f xml -o $$WORKDIR/bandit_results.xml \ + -lll \ + $(realpath ..) \ + $(realpath ..)/{checks,inventory}/* \ + $(realpath ../cmc/) + test-pylint-ci: export TERM="linux" ; \ @@ -29,5 +44,6 @@ setup: beautifulsoup4 \ pytest-stepwise \ dill \ - html5lib + html5lib \ + bandit $(MAKE) -C pylint setup
7 years, 10 months
1
0
0
0
Minor comment cleanup
by Konstantin Büttner
Module: check_mk Branch: master Commit: bb29040193f3c5bf599cf94762b0d6242b9f44c0 URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bb29040193f3c5…
Author: Konstantin Büttner <kb(a)mathias-kettner.de> Date: Mon Nov 7 16:19:53 2016 +0100 Minor comment cleanup --- web/plugins/wato/check_parameters.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py index 01b5c8e..68b2b14 100644 --- a/web/plugins/wato/check_parameters.py +++ b/web/plugins/wato/check_parameters.py @@ -3990,8 +3990,6 @@ register_check_parameters( # | | __/| | | | | | | |_| | | | | (_| | | # | |_| |_| |_|_| |_|\__|_|_| |_|\__, | | # | |___/ | -# +----------------------------------------------------------------------+ -# | | # '----------------------------------------------------------------------' def transform_printer_supply(l): @@ -4245,8 +4243,6 @@ register_check_parameters( # | | |_| \__ \ | # | \___/|___/ | # | | -# +----------------------------------------------------------------------+ -# | | # '----------------------------------------------------------------------' register_check_parameters(
7 years, 10 months
1
0
0
0
storcli_pdisks, storcli_vdrives: Now WATO configurable
by Konstantin Büttner
Module: check_mk Branch: master Commit: b5cbcfe903f6087d841ff18e7a91bbd1bb3550fb URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b5cbcfe903f608…
Author: Konstantin Büttner <kb(a)mathias-kettner.de> Date: Mon Nov 7 16:18:46 2016 +0100 storcli_pdisks, storcli_vdrives: Now WATO configurable --- checks/storcli_pdisks | 3 +- checks/storcli_vdrives | 3 +- web/plugins/wato/check_parameters.py | 85 ++++++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 2 deletions(-) diff --git a/checks/storcli_pdisks b/checks/storcli_pdisks index cce58f6..0ad0464 100644 --- a/checks/storcli_pdisks +++ b/checks/storcli_pdisks @@ -85,5 +85,6 @@ check_info["storcli_pdisks"] = { "parse_function" : parse_storcli_pdisks, "inventory_function" : inventory_storcli_pdisks, "check_function" : check_storcli_pdisks, - "service_description" : "RAID PDisk EID:Slot-Device %s" + "service_description" : "RAID PDisk EID:Slot-Device %s", + "group" : "storcli_pdisks", } diff --git a/checks/storcli_vdrives b/checks/storcli_vdrives index 223e9d8..c5d2886 100644 --- a/checks/storcli_vdrives +++ b/checks/storcli_vdrives @@ -90,5 +90,6 @@ check_info["storcli_vdrives"] = { "parse_function" : parse_storcli_vdrives, "inventory_function" : inventory_storcli_vdrives, "check_function" : check_storcli_vdrives, - "service_description" : "RAID Virtual Drive %s" + "service_description" : "RAID Virtual Drive %s", + "group" : "storcli_vdrives", } diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py index 19dcd2f..01b5c8e 100644 --- a/web/plugins/wato/check_parameters.py +++ b/web/plugins/wato/check_parameters.py @@ -3897,6 +3897,91 @@ register_check_parameters( "first" ) +register_check_parameters( + subgroup_storage, + "storcli_vdrives", + _("LSI RAID VDrives (StorCLI)"), + Dictionary( + title = _("Evaluation of VDrive States"), + elements = [ + ( "Optimal", + MonitoringState( + title = _("State for <i>Optimal</i>"), + default_value = 0, + )), + ( "Partially Degraded", + MonitoringState( + title = _("State for <i>Partially Degraded</i>"), + default_value = 1, + )), + ( "Degraded", + MonitoringState( + title = _("State for <i>Degraded</i>"), + default_value = 2, + )), + ( "Offline", + MonitoringState( + title = _("State for <i>Offline</i>"), + default_value = 1, + )), + ( "Recovery", + MonitoringState( + title = _("State for <i>Recovery</i>"), + default_value = 1, + )), + ]), + TextAscii( + title = _("Virtual Drive"), + allow_empty = False, + ), + "dict" +) + +register_check_parameters( + subgroup_storage, + "storcli_pdisks", + _("LSI RAID physical disks (StorCLI)"), + Dictionary( + title = _("Evaluation of PDisk States"), + elements = [ + ( "Dedicated Hot Spare", + MonitoringState( + title = _("State for <i>Dedicated Hot Spare</i>"), + default_value = 0, + )), + ( "Global Hot Spare", + MonitoringState( + title = _("State for <i>Global Hot Spare</i>"), + default_value = 0, + )), + ( "Unconfigured Good", + MonitoringState( + title = _("State for <i>Unconfigured Good</i>"), + default_value = 0, + )), + ( "Unconfigured Bad", + MonitoringState( + title = _("State for <i>Unconfigured Bad</i>"), + default_value = 1, + )), + ( "Online", + MonitoringState( + title = _("State for <i>Online</i>"), + default_value = 0, + )), + ( "Offline", + MonitoringState( + title = _("State for <i>Offline</i>"), + default_value = 2, + )), + ]), + TextAscii( + title = _("PDisk EID:Slot-Device"), + allow_empty = False, + ), + "dict" +) + #. # .--Printing------------------------------------------------------------. # | ____ _ _ _ |
7 years, 10 months
1
0
0
0
← Newer
1
...
21
22
23
24
25
26
27
...
30
Older →
Jump to page:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Results per page:
10
25
50
100
200